Linux Kernel Vulnerabilities Addressed in Ubuntu 18.04
Recently, several critical vulnerabilities were identified in the Linux kernel. These vulnerabilities could allow attackers to crash systems, steal sensitive information, or even execute arbitrary code. The good news is that patches have been released to address these issues. In this article, we will explore the fixed vulnerabilities in end-of-life Ubuntu versions (16.04 and 18.04) and offer an alternative solution for users who are not subscribed to Ubuntu Pro.
High-Severity Linux Kernel Vulnerabilities Fixed
CVE-2023-2002 (CVSS v3 Severity Score: 6.8 Medium)
Ruihan Li uncovered a flaw in the Linux kernel’s Bluetooth subsystem caused by inadequate permission checks in HCI sockets. Exploiting this flaw could result in denial of service, particularly in Bluetooth communication.
CVE-2023-39197 (CVSS v3 Severity Score: 7.5 High)
Eric Dumazet’s discovery highlighted a weakness in the netfilter subsystem due to improper handling of DCCP conntrack buffers in certain situations. This could lead to an out-of-bounds read vulnerability, potentially allowing a remote attacker to expose sensitive information via the DCCP protocol.
CVE-2023-46838 (CVSS v3 Severity Score: 7.5 High)
Pratyush Yadav found an issue in the Linux kernel’s Xen network backend implementation, which mishandled zero-length data requests, resulting in a NULL pointer dereference vulnerability. This flaw could be exploited by an attacker within a guest VM to trigger a denial of service (host domain crash).
CVE-2023-51781 (CVSS v3 Severity Score: 7.0 High)
A race condition was discovered in the AppleTalk networking subsystem, leading to a use-after-free vulnerability. Local attackers could leverage this vulnerability to cause a denial of service (system crash) or even execute arbitrary code.
CVE-2024-0775 (CVSS v3 Severity Score: 7.1 High)
Another use-after-free vulnerability was identified in the Linux kernel’s ext4 file system implementation due to improper handling of the remount operation in some cases. This could be exploited by local attackers to cause a denial of service (system crash) or disclose sensitive information.
CVE-2024-1086 (CVSS v3 Severity Score: 7.8 High)
Discovered by Notselwyn, this use-after-free vulnerability was found in the netfilter subsystem due to incorrect handling of verdict parameters in some cases. This could be exploited by a local attacker to cause a denial of service or escalate privileges.
Conclusion: Taking Action
To mitigate these Linux kernel vulnerabilities, users are strongly advised to promptly apply security updates. However, for end-of-life Ubuntu systems such as Ubuntu 16.04 and Ubuntu 18.04, obtaining security updates requires Extended Support Maintenance, available with Ubuntu Pro.
Fortunately, there is a cost-effective alternative: TuxCare’s Extended Lifecycle Support. TuxCare’s solution offers automated vulnerability patches for end-of-life Ubuntu systems for up to five years after official support ends. This ensures continued protection against emerging threats for your end-of-life Ubuntu systems while you focus on planning a safe migration.
Moreover, TuxCare also provides the KernelCare Enterprise live patching solution, which automatically applies security fixes to the running kernel without needing to restart the system. KernelCare supports all popular Linux distributions including Ubuntu, Debian, CentOS, RHEL, AlmaLinux, Rocky Linux, CloudLinux, Amazon Linux, and more.
Source: USN-6701-1